Solved

Cisco 7960 VoIP behind ASA 5510 not recieving calls, but can make calls

Posted on 2010-11-15
4
1,731 Views
Last Modified: 2013-12-27
I have an interesting problem with our ASA 5510. We have a few Cisco 7960 VoIP phones which can make calls but are unable to receive calls after a few hours.

My thought was that the ASA was causing an issue with SYN/ACK messages coming from the phones and being denied due to no matching SYN and causing half open connections on the phones until the phone can no longer receive any new connections. I've seen this happen in the logs before.

this was "fixed" with:
service resetinbound interface outside
service resetinbound interface inside

However, I'm not seeing any denied SYN/ACK messages now and the phones are having this issue. The only way I know to temporarily resolve it is to re-enter the dynamic nat configuration, and then the phones begin to work again.

The phones are configured for SIP, and are using our ISPs IPBX to register.
[Phone]---->[ASA]-------->[ISP IPBX]

I've attached the ASA config. If anyone has any input on this, it will be greatly appreciated.


0
Comment
Question by:aaronhebert
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 

Assisted Solution

by:aaronhebert
aaronhebert earned 0 total points
ID: 34143159
ran debug sip and found the following message

SIP::Unable to open pinhole for NOTIFY message from 192.168.26.20 to 192.168.26.20/50195
0
 

Expert Comment

by:kunalpatel
ID: 34212746
Dont you have to run the phone-proxy for this to work ??

Check this out

https://supportforums.cisco.com/docs/DOC-5704

Cheers

Kunal
0
 

Accepted Solution

by:
aaronhebert earned 0 total points
ID: 34317570
Found out that inspecting SIP on ASAs will cause this issue.

Resolution:
Do not inspect SIP. Perform QoS based on Expedited Forward value.

From the IP header:
Differentiated Services Field: 0xb8 (DSCP 0x2e: Expedited Forwarding; ECN: 0x00)

This problem exists because we use multiple VoIP vendors. Linksys and Cisco. Each use their own protocols. Cisco uses RTP over UDP, and Linksys uses straight UDP without any further encapsulation. matching for QoS by DSCP field has resolved this issue.
priority-queue outside
priority-queue inside
!
class-map global-voice-class
 match dscp ef
!
policy-map global-voice-policy
 class global-voice-class
  priority
!
service-policy global-voice-policy global

Open in new window

0
 

Author Closing Comment

by:aaronhebert
ID: 34358719
issue resolved
0

Featured Post

IoT Devices - Fast, Cheap or Secure…Pick Two

The IoT market is growing at a rapid pace and manufacturers are under pressure to quickly provide new products. Can you be sure that your devices do what they're supposed to do, while still being secure?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Suggested Courses

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question